City/State

Norfolk, VA

Work Shift

First (Days)

Overview:

Overview

The Manager – Cyber Security Compliance is responsible for establishing and maintaining the overall cyber security compliance program. This position will lead a team of cyber security compliance professionals by enabling a holistic compliance framework and assurance readiness for regulations, standards, and contract obligations within Sentara Healthcare. Managing and reporting on cyber security compliance in a manner that meets Sentara Healthcare’s requirements. Reporting to the Director of GRC in Cyber Security, this leader ensures compliance against regulatory, industry and contractual requirements. Further, set the strategy and drive effective process, methodology and technology solutions to support the cyber defense of Sentara Healthcare, focusing on continuous improvement, data protection, governance, risk management, and mitigation.

As a domain expert in compliance and assurance, engage at management and technical levels to develop/refine strategy, identify control breakdowns, risks, and opportunities to deliver a comprehensive and robust compliance function. In addition, elevate how we engage with business and technology control owners. Establish a framework and process to execute readiness assessments for compliance against cyber security standards and requirements.

Primary Responsibilities:

• Lead team of cyber security compliance professionals to measure compliance against a broad range of control requirements, both internally and externally.
• Ownership of cyber security compliance strategy, programs and related initiatives including regulatory audits and compliance management, Controls testing, medical device security, metrics and risk and performance indicators.
• Understand key security and compliance frameworks including but not limited to HIPAA, HICP 405(d), NIST800-171, SOC2, ISO27001, and laws/regulations.
• Manage compliance initiatives to ensure control effectiveness with applicable laws and regulations, as well as internal policies and procedures.
• Monitor activities of assigned IT areas to ensure control assurance of internal policies and standards.
• Participate in the development and implementation of new business initiatives involving compliance to ensure functionality required to support required compliance.
• Provide guidance to business functions on compliance/security-related matters and lead investigations.
• Coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate corrective actions process for ownership and timely remediations.
• Initiate improvement activities to reduce risk, ensure compliance, lower cost, and improve quality within IT processes.
• Refine and revise existing policies

Education

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (Preferred)

OR

• 7+ years in a cyber security management role, preferably in Governance, Risk or Compliance without a Bachelor's Degree (Required)

Certification/Licensure

• CISSP (Certified Information Systems Security Professional)(Preferred)
• CISM (Certified Information Security Manager)(Preferred)
• CRISC (Certified in Risk and Information Systems Control)(Preferred)
• CISA (Certified Information Systems Auditor)(Preferred)

Experience

• 5+ years in a cyber security management role, preferably in Governance, Risk or Compliance with a Bachelor's Degree (Required)

• 7+ years in a cyber security management role, preferably in Governance, Risk or Compliance without a Bachelor's Degree (Required)

• Preferred candidates will have moved up through the ranks of Cyber Security Governance, Risk and Compliance.

• Experience with various industry regulations and frameworks (PCI, HIPAA, Data Privacy Laws, ISO27001/2, NIST, HITRUST, etc.)

• Experience with GRC tools such as Service Now, Archer, etc.

• Experience working in a highly regulated environment.

• Experience in information security and auditing with increasing responsibilities.

• Strong background in security controls, auditing, network, and system security.

• Ability to express complex technical concepts in business terms.

• Evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.

• Ability to build and manage a highly motivated team

• Organized and detail-oriented, able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.

• Proven ability to manage and mentor cyber security analysts at all levels.

Keywords: Talroo - IT

Sentara Health is an equal opportunity employer and prides itself on the diversity and inclusiveness of its close to an almost 30,000-member workforce. Diversity, inclusion, and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.

In support of our mission “to improve health every day,” this is a tobacco-free environment.

For positions that are available as remote work, Sentara Health employs associates in the following states:

Alabama, Delaware, Florida, Georgia, Idaho, Indiana, Kansas, Louisiana, Maine, Maryland, Minnesota, Nebraska, Nevada, New Hampshire, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, West Virginia, Wisconsin, and Wyoming.